Monitor Security Vulnerabilities and Issues — Monitor CVE List

Op5Monitor

9 matches found

CVE•added 2013/12/31 8:0 p.m.•135 views

CVE-2012-0262

CVE-2012-0262 affects OP5 Monitor and OP5 Appliance prior to version 5.5.3. The vulnerability arises on the welcome page (op5config/welcome) where remote, unauthenticated attackers can cause arbitrary command execution by submitting shell metacharacters in the password parameter. Impact is remote...

10CVSS8AI score0.72851EPSS

Web

CVE•added 2013/12/31 8:0 p.m.•94 views

CVE-2012-0261

CVE-2012-0261 affects OP5 Monitor and OP5 Appliance: the license.php script in system-portal is vulnerable to remote command execution through shell metacharacters in the timestamp parameter of an install action. The validated root cause is improper input validation in license.php, leading to arb...

10CVSS7.7AI score0.73949EPSS

Web

CVE•added 2008/11/10 3:0 p.m.•82 views

CVE-2008-5028

CVE-2008-5028 is a CSRF in Nagios' cmd.cgi affecting Nagios 3.0.5 and op5 Monitor before 4.0.1. The vulnerability allows remote attackers to trigger commands in the Nagios process via unspecified HTTP requests, potentially enabling execution of arbitrary commands. Related advisories (Gentoo GLSA-...

6.8CVSS7.8AI score0.0168EPSS

CVE•added 2022/11/14 12:0 a.m.•70 views

CVE-2021-40272

CVE-2021-40272 affects OP5 Monitor versions 8.3.1, 8.3.2, and 8.3.3. The Nuclei template and CVE entries confirm a Cross-Site Scripting (XSS) vulnerability in OP5 Monitor, with potential for exploitation to cause unauthorized access or data theft. The typical impact is tied to XSS execution in th...

6.1CVSS6.1AI score0.01036EPSS

CVE•added 2008/11/10 3:0 p.m.•68 views

CVE-2008-5027

CVE-2008-5027 affects Nagios: the Nagios process in Nagios (pre-3.0.5) and in op5 Monitor (pre-4.0.1) can bypass authorization for remote authenticated users, enabling execution of arbitrary programs via a custom form or a browser addon. Impact is described as remote code execution with partial c...

6.5CVSS7.2AI score0.06738EPSS

CVE•added 2013/12/31 8:0 p.m.•43 views

CVE-2012-0263

Affected products: op5 Monitor and op5 Appliance (before 5.5.1). Vulnerability description (as stated): remote authenticated users can obtain sensitive information (e.g., database and user credentials) via error messages triggered by (1) a malformed hoststatustypes parameter to status/service/all...

4CVSS5.9AI score0.01941EPSS

Web

CVE•added 2013/12/31 8:0 p.m.•43 views

CVE-2012-0264

CVE-2012-0264 affects op5 Monitor and op5 Appliance prior to version 5.5.0. The root cause is improper management of session cookies, which yields a remote impact with an unspecified vector and unspecified consequences (per the description). The NVD metrics indicate a high severity (CVSS 2.0: bas...

10CVSS7AI score0.04361EPSS

CVE•added 2014/01/29 6:0 p.m.•43 views

CVE-2013-6141

CVE-2013-6141 affects op5 Monitor versions before 6.1.3, due to an unspecified information disclosure caused by lack of authorization, allowing attackers to read arbitrary files. Affected component: op5 Monitor. Impact: information disclosure with partial confidentiality impact. Exploitation vect...

5CVSS6.6AI score0.00993EPSS

CVE•added 2014/07/11 10:0 a.m.•42 views

CVE-2014-4907

The CVE-2014-4907 entry corresponds to an XSS vulnerability in PNP4Nagios prior to version 0.6.22, specifically in share/pnp/application/views/kohana_error_page.php where an input parameter in error messages is not properly sanitized. Exploitation could allow remote attackers to inject arbitrary ...

4.3CVSS5.5AI score0.02214EPSS